There are two NetApp connectors:
- the syslog one is under File Transfer & Sharing ("IBM NetApp OnTAP")
- the event log auditing remotely one is under Operating Systems ("NetApp") - and you will ONLY see it on agents (it needs to run from a windows agent since it connects to a remote event log, kind of like a remote windows server except some subtle uniquenesses)
You might deselect all the categories and just do a search -
We have had a customer report that something changed in NetApp's auditing (or certain firmwares are different?) and this method we're using (remote event log collection) may not work. If you're able to use Computer Management to remotely connect to the NetApp device's event log, our method will work. If all you have access to is a bare evtx on a file share, it may not work. We're still researching what/why/how on that issue and don't know how widespread it is.